installing a certificate

I'm trying to install a wildcard certificate signed by startssl on my
Leopard server (on a G5). I want to use it for https and smtp/imap.

I created a csr using server admin. A side effect of this was an
untrusted, self-signed root certificate in the system keychain named
"*.bogs.org". I used the CSR to get the signed certificate, and
imported it using server admin again. This resulted in three more
entries in the system keychain all named "*.bogs.org": a private key,
a public key, and a signed, trusted certificate (I had previously
added the CA's for startssl, which is why they were trused). I then
set up a web site (www.bogs.org) as https, using server admin again,
and I specified the "*.bogs.org" certificate. This all went relatively
smoothly.

The problem is that when I try to access the web page using https, my
browsers complain about an untrusted certificate, and show me what
looks exactly like the untrusted root certificate that was created
when I generated the CSR. Yet when I examine certificates in server
admin, it only shows the trusted, signed certificate from startssl for
"*.bogs.org".

Clearly, I'm missing one or more steps in this process.

By the way, there are also four files in /etc/certificates named
"*.bogs.org", with the suffixes .crt, .crtkey, .csr, and .key. The
dates on those files appear to be in the ballpark for when I specified
the "*.bogs.org" certificate for the web site. Also, in /etc/apache2,
there are empty ssl.crt and ssl.key directories, and under /etc/
apache2/sites, there is a .conf
file called 0001_any_443_www.bogs.org.conf, and in the <IfModule
mod_ssl.c> section, it specifies /etc/certificates/*.bogs.org.{crt,key}.

So several things seem to be getting set up right, but something is
missing.

Any suggestions? My skin is thick, I'm prepared to be scolded and sent
to read the documentation, which I would already have done if I knew
where it was.

Thanks,
Greg Shenaut
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden